2013-05-04 89 views
-4

我試圖在現有數據庫中匹配用戶名和密碼,並且在寫入SQL查詢時被困在那一點。SELECT WHERE sql查詢

String selectQuery = "SELECT * FROM "+ TABLE_NAME +" WHERE "+COLUMN_USERNAME + " = '"+usrname+"' AND "+COLUMN_PASSWD+" = '"+passwd+"' "; 
//COLUMN_USERNAME is the column name which stores username COLUMN_PASSWD is column storing password 
Cursor cursor = database.rawQuery(selectQuery, null); 

你可以嘗試使用AccountManager一流爲宗旨:

Cursor cursor = db.rawQuery("Select " + dbh.name + dbh.pass 
+ " from tablename where" +dbh.name +"="+ e1.getText().toString()+";", null); 
+0

這將導致SQL注入。 – 2013-05-04 07:38:43

+3

好吧爲你祈禱 – Freak 2013-05-04 07:38:56

回答

0

編輯您的代碼如下:

Cursor cursor = db.rawQuery("Select " + dbh.name + dbh.pass 
+ " from tablename where " +dbh.name +"='"+ e1.getText().toString()+"'", null); 
0

dbh.name + dbh.pass意味着什麼?這是不同的列嗎?如果是,那麼你必須通過這兩個列名用逗號一樣,

dbh.name +","+ dbh.pass 

,並觸發select查詢一樣,

SELECT "+ dbh.name+","+dbh.pass +" FROM TABLE_NAME WHERE dbh.name=?", new String [] { e1.getText().toString() }); 

希望這將解決您的問題:)